Date: Sun, 5 Dec 2004 15:14:08 -0800
From: Marcel Moolenaar <marcel@xcllnt.net>
To: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
Cc: cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/sys vnode.h src/sys/gnu/ext2fs ext2_vnops.c src/sys/nfsclient nfs_vnops.c src/sys/ufs/ufs ufs_vnops.c
Message-ID: <5DA9481A-4713-11D9-A4F2-000D93C47836@xcllnt.net>
In-Reply-To: <68666.1102286230@critter.freebsd.dk>
References: <68666.1102286230@critter.freebsd.dk>
On Dec 5, 2004, at 2:37 PM, Poul-Henning Kamp wrote:

> In message <200412052230.iB5MUTZs021927@repoman.freebsd.org>, Marcel Moolenaar writes:
>> marcel 2004-12-05 22:30:29 UTC
>>
>> FreeBSD src repository
>>
>> Modified files:
>> sys/sys vnode.h
>> sys/gnu/ext2fs ext2_vnops.c
>> sys/nfsclient nfs_vnops.c
>> sys/ufs/ufs ufs_vnops.c
>> Log:
>> Fix null-pointer indirect function calls introduced in the previous
>> commit. In the new world order, the transitive closure on the vector
>> operations is not precomputed. As such, it's unsafe to actually use
>> any of the function pointers in an indirect function call.
>
> Uhm not really.
>
> You'll notice that these three cases vector through a fifo_*specop*.
>
> The "specop" as opposed to "vnodeop", means that you're supposed to
> know what you're doing.
>
> Did you actually get a zero pointer deref on this ?

Yes, on vop_write(). See my posting to current@
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=895498+0+archive/2004/freebsd-current/20041205.freebsd-current

You need:

rpcbind_enable=YES
rpc_lockd_enable=YES
rpc_statd_enable=YES

if you want to trigger the bug. The null-pointer dereference happens on all platforms.

-- 
Marcel Moolenaar
USPA: A-39004
marcel@xcllnt.net
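Added illustration of the defect class under discussion (not code from the thread, from FreeBSD, or from either poster): a constructed vector of function pointers whose fallback chain is not precomputed, showing why a direct call through an unfilled slot dereferences NULL and how a dispatch that resolves through the chain avoids it. The struct vop_vector layout, fifo_specops, default_vector, resolve_op and the op functions here are all hypothetical stand-ins.

```c
#include <stddef.h>
#include <string.h>

/* Constructed illustration of the bug pattern discussed above; not FreeBSD's
 * real struct vop_vector or its fifo/spec ops. Each op slot may be NULL,
 * meaning "use the next vector along vop_default". Nothing precomputes that
 * chain (the "transitive closure"), so v->vop_write(...) can call NULL. */
typedef int (*vop_fn)(int len);

struct vop_vector {
    const struct vop_vector *vop_default;  /* fallback vector, or NULL */
    vop_fn vop_read;
    vop_fn vop_write;
};

static int default_read(int len)  { return len; }
static int default_write(int len) { return 2 * len; }
static int fifo_read(int len)     { return len + 1; }

/* Hypothetical fully populated default vector, and a "specop" vector that
 * overrides read only and leaves the write slot NULL. */
static const struct vop_vector default_vector = { NULL, default_read, default_write };
static const struct vop_vector fifo_specops   = { &default_vector, fifo_read, NULL };

/* 0 means a direct v->vop_write(len) call would dereference NULL. */
int has_direct_write(const struct vop_vector *v) { return v->vop_write != NULL; }

/* Resolve one op slot by walking the vop_default chain; NULL if nobody implements it. */
static vop_fn resolve_op(const struct vop_vector *v, size_t slot_offset)
{
    for (; v != NULL; v = v->vop_default) {
        vop_fn fn;
        memcpy(&fn, (const char *)v + slot_offset, sizeof fn);
        if (fn != NULL)
            return fn;
    }
    return NULL;
}

/* Safe dispatch: never calls through a NULL slot; -1 stands in for an errno. */
int safe_write(const struct vop_vector *v, int len)
{
    vop_fn fn = resolve_op(v, offsetof(struct vop_vector, vop_write));
    return fn != NULL ? fn(len) : -1;
}
int safe_read(const struct vop_vector *v, int len)
{
    vop_fn fn = resolve_op(v, offsetof(struct vop_vector, vop_read));
    return fn != NULL ? fn(len) : -1;
}
```

The has_direct_write() check is the kind of assertion a filesystem layer can apply before trusting a slot that was never filled in by a precomputation pass.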